{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. 
AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /v1"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. 
Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. 
If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_to_rust_browser_config` has cognitive complexity 10 (SonarSource scale).", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_to_rust_browser_config` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "MINED070", "name": "[MINED070] Zig Undefined Init: var x: T = undefined leaves memory uninitialized. Often a foot-gun.", "shortDescription": {"text": "[MINED070] Zig Undefined Init: var x: T = undefined leaves memory uninitialized. Often a foot-gun."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED048] Php Error Suppress (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED046", "name": "[MINED046] Dart Print: print() in Flutter goes to console. Use debugPrint / logger.", "shortDescription": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. 
Use debugPrint / logger."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 loopback, link-local and unique-local ranges, and apply the check to the address the hostname resolves to, because an allowed-looking name can resolve to an internal address."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `@kreuzberg/kreuzcrawl-wasm` pulled from URL/Git: `devDependencies.@kreuzberg/kreuzcrawl-was", "shortDescription": {"text": "[MINED122] package.json dep `@kreuzberg/kreuzcrawl-wasm` pulled from URL/Git: `devDependencies.@kreuzberg/kreuzcrawl-wasm` = `file:../../crates/kreuzcrawl-wasm/pkg/nodejs` bypasses the npm registry. No integrity hash, no version locking, no"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "[MINED128] go.mod replaces `github.com/kreuzberg-dev/kreuzcrawl/packages/go` \u2014 points to a LOCAL path: `replace github.c", "shortDescription": {"text": "[MINED128] go.mod replaces `github.com/kreuzberg-dev/kreuzcrawl/packages/go` \u2014 points to a LOCAL path: `replace github.com/kreuzberg-dev/kreuzcrawl/packages/go => ../../packages/go` overrides the canonical dependency with a different source"}, "fullDescription": {"text": "If the replace is intentional (e.g. waiting on an upstream fix), vendor the dependency into the repo and add a comment explaining the reason. 
Remove the replace once upstream merges."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `kreuzcrawl-test:latest` unpinned: `container/services image: kreuzcrawl-te", "shortDescription": {"text": "[MINED126] Workflow container/services image `kreuzcrawl-test:latest` unpinned: `container/services image: kreuzcrawl-test:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the "}, "fullDescription": {"text": "Replace with `kreuzcrawl-test:latest@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `alpine:3.21` not pinned by digest: `FROM alpine:3.21` resolves the tag at build time. The re", "shortDescription": {"text": "[MINED118] Dockerfile FROM `alpine:3.21` not pinned by digest: `FROM alpine:3.21` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should"}, "fullDescription": {"text": "Replace with: `FROM alpine:3.21@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/kreuzberg-dev/pre-commit-hooks` pinned to mutable rev `v1.2.3`: `.pre-com", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/kreuzberg-dev/pre-commit-hooks` pinned to mutable rev `v1.2.3`: `.pre-commit-config.yaml` references `https://github.com/kreuzberg-dev/pre-commit-hooks` at `rev: v1.2.3`. If `v1.2.3` is a branch"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_error_browser_page_timeout: Test function `test_error_browser_page_timeout` runs ", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_error_browser_page_timeout: Test function `test_error_browser_page_timeout` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verif"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /v1/batch/scrape/{id}."}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, ", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CODECOV_TOKEN }}` lets a PR from any fork exfiltrate the secret"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed. GitHub does not pass repository secrets to `pull_request` runs from forks, whereas `pull_request_target` runs with the base repository's secrets, so a `pull_request_target` job must never check out or execute the PR head before or while the secret is in scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages.", "shortDescription": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/200"}, "properties": {"repository": "kreuzberg-dev/kreuzcrawl", "repoUrl": "https://github.com/kreuzberg-dev/kreuzcrawl", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49907, "scanner": "repobility-ast-engine", "fingerprint": "433f83426fe55228ec1ed8bc2fde42622b140e3c2a4e9aa98487a4e75ae3da0c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|433f83426fe55228ec1ed8bc2fde42622b140e3c2a4e9aa98487a4e75ae3da0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/docker/test_docker.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 49900, "scanner": "repobility-ast-engine", "fingerprint": "4a2478774de459350e3dd595522f45d16971fd6436434a8087898e4f84f1ff87", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a2478774de459350e3dd595522f45d16971fd6436434a8087898e4f84f1ff87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/ruby/vendor-kreuzcrawl-core.py"}, "region": {"startLine": 456}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 33.3% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 49897, "scanner": "repobility-access-control", "fingerprint": "428bba7e78ca5dadacd769b0ae359888a4bbbdef443ba24eb50394e8f889518f", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 9, "correlation_key": "fp|428bba7e78ca5dadacd769b0ae359888a4bbbdef443ba24eb50394e8f889518f", "auth_visible_percent": 33.3}}}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 49851, "scanner": "repobility-threat-engine", "fingerprint": "5e59db07ceed3a29bb31593995f0d7a665dfa7d5f7c09add4b28cd5b351f423a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5e59db07ceed3a29bb31593995f0d7a665dfa7d5f7c09add4b28cd5b351f423a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/benchmark-harness/src/cache.rs"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 49850, "scanner": "repobility-threat-engine", "fingerprint": "81336629c8cea250a87fb28c774a2f17ef1fc57ed8971137ebe230128d951d27", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|81336629c8cea250a87fb28c774a2f17ef1fc57ed8971137ebe230128d951d27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/waf/tests.rs"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 49849, "scanner": "repobility-threat-engine", "fingerprint": "82b770296931be00fe7be895ff727bede9299c2425ecc728cd41ea4ecc040df1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|82b770296931be00fe7be895ff727bede9299c2425ecc728cd41ea4ecc040df1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/mcp/format.rs"}, "region": {"startLine": 180}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /v1/download."}, "properties": {"repobilityId": 6128, "scanner": "repobility-access-control", "fingerprint": "0eae9eba3c93faec41ea28ceccb9638c0e80810dbf2f55b7595d3d9fca28d32c", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/download", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|60|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/api/router.rs"}, "region": {"startLine": 60}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /v1/batch/scrape/{id}."}, "properties": {"repobilityId": 6127, "scanner": "repobility-access-control", "fingerprint": "4ec03c45a88fd10917c19a307e1d86a6701b71caec483676aad043d18e47de89", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/batch/scrape/{id}", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|59|auc009", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/api/router.rs"}, "region": {"startLine": 59}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /v1/batch/scrape."}, "properties": {"repobilityId": 6126, "scanner": "repobility-access-control", "fingerprint": "ff89e9b0a98068aadbbcf903066b66c12436adb93b9f8abeff171b99c8fdc17d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/batch/scrape", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|58|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/api/router.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /v1/map."}, "properties": {"repobilityId": 6125, "scanner": "repobility-access-control", "fingerprint": "8797c3451eb443a39651ec7259324e7b821f9643dcac010812f89a4825d2ddbb", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/map", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|57|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/api/router.rs"}, "region": {"startLine": 57}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /v1/crawl."}, "properties": {"repobilityId": 6124, "scanner": "repobility-access-control", "fingerprint": "cf350a96bbc5f2b23430e25db3b6c7aeb94273c00d35ab597da7d197f0eb3c50", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/crawl", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|52|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/api/router.rs"}, "region": {"startLine": 52}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: ANY /v1/scrape."}, "properties": {"repobilityId": 6123, "scanner": "repobility-access-control", "fingerprint": "b357bcf167723fbf876abc66f637fee7dc3ac7ff371b1f5380ea143d1f6d02d1", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/scrape", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|51|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/api/router.rs"}, "region": {"startLine": 51}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 36.4% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 6121, "scanner": "repobility-access-control", "fingerprint": "b3ca1cc0adc648928bf7067619ade00a1cd66967958132d156237626623855f7", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 11, "correlation_key": "fp|b3ca1cc0adc648928bf7067619ade00a1cd66967958132d156237626623855f7", "auth_visible_percent": 36.4}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 6120, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": 
"medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Axum"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 6114, "scanner": "repobility-threat-engine", "fingerprint": "11c170aa38f93d5828e28f89d9a39e6f604f3088119cf6c42d1a867b4e1a19d4", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "entry.getName()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|167|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/java/src/main/java/dev/kreuzberg/kreuzcrawl/NativeLib.java"}, "region": {"startLine": 167}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 6111, "scanner": "repobility-agent-runtime", "fingerprint": "eb2060767d7a18a94f915d7e9ad817aab811734e2b89efc76e29a6aac746609a", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature 
verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|eb2060767d7a18a94f915d7e9ad817aab811734e2b89efc76e29a6aac746609a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/wasm/install-wasm-pack.sh"}, "region": {"startLine": 14}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 6110, "scanner": "repobility-agent-runtime", "fingerprint": "5b00ab0261aed9cd920fa70b7913510213525c4f58755c590908686e7ad02645", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5b00ab0261aed9cd920fa70b7913510213525c4f58755c590908686e7ad02645"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fixtures/stealth/stealth_ua_rotation_config.json"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6109, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c6d2b68200beb73b885f0774e72417d500c139c78af9480984c5190a2d12231", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tools/snippet-runner/src/validators/bash.rs", "duplicate_line": 33, "correlation_key": 
"fp|2c6d2b68200beb73b885f0774e72417d500c139c78af9480984c5190a2d12231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/snippet-runner/src/validators/elixir.rs"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6108, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04953cc35e170be370b987ba94a74f8a433e12a204630bb600d97645554ddb29", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tools/snippet-runner/src/validators/c.rs", "duplicate_line": 48, "correlation_key": "fp|04953cc35e170be370b987ba94a74f8a433e12a204630bb600d97645554ddb29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/snippet-runner/src/validators/csharp.rs"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6107, "scanner": "repobility-ai-code-hygiene", "fingerprint": "193ed59dd71aebe4d971e323391a1e210158415b58acabf7877a03fcddd6db1a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tools/snippet-runner/src/validators/bash.rs", "duplicate_line": 33, "correlation_key": "fp|193ed59dd71aebe4d971e323391a1e210158415b58acabf7877a03fcddd6db1a"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tools/snippet-runner/src/validators/csharp.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6106, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31d989c9f4361d01625dcce528b9c4c97090e44a132342b5300e59e63568ed83", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "e2e/elixir/mix.exs", "duplicate_line": 1, "correlation_key": "fp|31d989c9f4361d01625dcce528b9c4c97090e44a132342b5300e59e63568ed83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_apps/elixir/mix.exs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6105, "scanner": "repobility-ai-code-hygiene", "fingerprint": "327fafcd5b5fe8f632334f0dc164c7c7d797afe155dc23feb8120ed841ea8729", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/php/.php-cs-fixer.dist.php", "duplicate_line": 9, "correlation_key": "fp|327fafcd5b5fe8f632334f0dc164c7c7d797afe155dc23feb8120ed841ea8729"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/php/php-cs-fixer.php"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "warning", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6104, "scanner": "repobility-ai-code-hygiene", "fingerprint": "725cb0e075fd04e273b84652031ffa3b51673dbf6cf046a004040ae21dde3e6e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/java/src/main/java/dev/kreuzberg/kreuzcrawl/CrawlPageResultBuilder.java", "duplicate_line": 12, "correlation_key": "fp|725cb0e075fd04e273b84652031ffa3b51673dbf6cf046a004040ae21dde3e6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/java/src/main/java/dev/kreuzberg/kreuzcrawl/ScrapeResultBuilder.java"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6103, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9069f65b394dcb5436fed3fd65c66105532bd1cc92de4a093cc398a228a18a36", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl-ffi/include/kreuzcrawl.h", "duplicate_line": 1, "correlation_key": "fp|9069f65b394dcb5436fed3fd65c66105532bd1cc92de4a093cc398a228a18a36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/go/internal/ffi/kreuzcrawl.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 6101, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77aeb085e3e7721165267694be42f3ed394028aa1004c64ab5ba8bcbc45b7403", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/dart/lib/src/kreuzcrawl_bridge_generated/frb_generated.io.dart", "duplicate_line": 17, "correlation_key": "fp|77aeb085e3e7721165267694be42f3ed394028aa1004c64ab5ba8bcbc45b7403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/dart/lib/src/kreuzcrawl_bridge_generated/frb_generated.web.dart"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6100, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05b64436154f2a2406b93cb1cdb870641f137804061795331d39b24f0fb9722c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/csharp/Kreuzcrawl/CrawlPageResult.cs", "duplicate_line": 12, "correlation_key": "fp|05b64436154f2a2406b93cb1cdb870641f137804061795331d39b24f0fb9722c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/csharp/Kreuzcrawl/ScrapeResult.cs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, 
"properties": {"repobilityId": 6098, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d610b60bc29ef53099c69ff983d5d25121df5f6ca39f3ceabeb7ed5dc608a494", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl/src/http.rs", "duplicate_line": 92, "correlation_key": "fp|d610b60bc29ef53099c69ff983d5d25121df5f6ca39f3ceabeb7ed5dc608a494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/tower/service.rs"}, "region": {"startLine": 111}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49896, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de7afb454037795dc34d4744e35c18dd3fd8f14e2ae1b0bbab3f12b43ed0cf02", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|de7afb454037795dc34d4744e35c18dd3fd8f14e2ae1b0bbab3f12b43ed0cf02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BrowserMode.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49895, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "f5c1d6de554ddc60b81a44090b3476fd13ce5f54c21d04adb0ed8c11c4a6f7c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|f5c1d6de554ddc60b81a44090b3476fd13ce5f54c21d04adb0ed8c11c4a6f7c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BrowserExtras.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49894, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e9a6c7b17c43a9fc9c7263a03ac9fd89d3c6131d3956b599645b2305f0b4f205", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|e9a6c7b17c43a9fc9c7263a03ac9fd89d3c6131d3956b599645b2305f0b4f205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BrowserConfig.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation 
block across source files"}, "properties": {"repobilityId": 49893, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4eed4bc418a56743416eb4bd82163e463a1037b9f8ffc0d3a412b5d92f989cbc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|4eed4bc418a56743416eb4bd82163e463a1037b9f8ffc0d3a412b5d92f989cbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BrowserBackend.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49892, "scanner": "repobility-ai-code-hygiene", "fingerprint": "afb652b1a7f93440fed037000b01b27c78256af69fcb21a878585589a648f604", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|afb652b1a7f93440fed037000b01b27c78256af69fcb21a878585589a648f604"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BatchScrapeResults.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49891, "scanner": "repobility-ai-code-hygiene", "fingerprint": "722caace16e3c74883a79351b97f4ca581ab192ecee226acea2e4ce6cbe01c9e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|722caace16e3c74883a79351b97f4ca581ab192ecee226acea2e4ce6cbe01c9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BatchScrapeResult.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49890, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a7eafd479fa95f31f6881cbf715ef7a3c16d5674ab2155d6a3c951ca11bce88", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|9a7eafd479fa95f31f6881cbf715ef7a3c16d5674ab2155d6a3c951ca11bce88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BatchCrawlStreamRequest.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49889, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6ef055e767a14749ebe10f1aa58f853dbc28d4bf90f4b25229b4322bda758c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|a6ef055e767a14749ebe10f1aa58f853dbc28d4bf90f4b25229b4322bda758c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BatchCrawlResults.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce31c9780cd61554c1446f223c62490042fcc6076071fadedb78902c0fc7a5a1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": 
"fp|ce31c9780cd61554c1446f223c62490042fcc6076071fadedb78902c0fc7a5a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/BatchCrawlResult.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "357594ceb21ffcb533f18f5920a5011901bf260406290b5eb31c1c42be63b598", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|357594ceb21ffcb533f18f5920a5011901bf260406290b5eb31c1c42be63b598"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/AuthConfig.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a298670907cc60f1ac2dc87f86c429345e6829019b3132cf5b9c95649cb0fb34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|a298670907cc60f1ac2dc87f86c429345e6829019b3132cf5b9c95649cb0fb34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/AssetCategory.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2ce6ea911ca2bedbdd29b0e2ef559dc8db15f2d4b0a3d35a2cd1c6d86701df9a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ActionResult.kt", "duplicate_line": 1, "correlation_key": "fp|2ce6ea911ca2bedbdd29b0e2ef559dc8db15f2d4b0a3d35a2cd1c6d86701df9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/kotlin-android/src/main/kotlin/dev/kreuzberg/kreuzcrawl/android/ArticleMetadata.kt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "af2116fa736e20f5983429f7a4889bec31eb2f385236db0ad17240b5ef7d10fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/java/src/main/java/dev/kreuzberg/kreuzcrawl/CrawlPageResult.java", "duplicate_line": 85, "correlation_key": "fp|af2116fa736e20f5983429f7a4889bec31eb2f385236db0ad17240b5ef7d10fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/java/src/main/java/dev/kreuzberg/kreuzcrawl/ScrapeResult.java"}, "region": {"startLine": 101}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d3964cf7608a5d7d71451f5449d8ef91e1b1f1ee908e95fc3cf009027c48aa08", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/java/src/main/java/dev/kreuzberg/kreuzcrawl/BatchCrawlResults.java", "duplicate_line": 29, "correlation_key": "fp|d3964cf7608a5d7d71451f5449d8ef91e1b1f1ee908e95fc3cf009027c48aa08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/java/src/main/java/dev/kreuzberg/kreuzcrawl/BatchScrapeResults.java"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d8d245ad1a10dee431b80fa3059a731d3ff98779fc9da8837b38e864e42e160", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl-ffi/include/kreuzcrawl.h", "duplicate_line": 67, "correlation_key": "fp|6d8d245ad1a10dee431b80fa3059a731d3ff98779fc9da8837b38e864e42e160"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/go/internal/ffi/kreuzcrawl.h"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c90844abae5cdf4502b810d548a0db0808686081732518183a773a3ca5d14e03", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/elixir/lib/kreuzcrawl/batch_crawl_stream_request.ex", "duplicate_line": 11, "correlation_key": "fp|c90844abae5cdf4502b810d548a0db0808686081732518183a773a3ca5d14e03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/elixir/lib/kreuzcrawl/map_result.ex"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9403c54bdbc44c3fdafb1a06e81bd7666598f67b5fc6f78fdb059f774a6d28f4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"packages/elixir/lib/kreuzcrawl/citation_reference.ex", "duplicate_line": 14, "correlation_key": "fp|9403c54bdbc44c3fdafb1a06e81bd7666598f67b5fc6f78fdb059f774a6d28f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/elixir/lib/kreuzcrawl/heading_info.ex"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3fb90c453cc3cc09f794062dc64cc5e845e7d0fe8f16cf8d6b1505f6570bf036", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/elixir/lib/kreuzcrawl/crawl_page_result.ex", "duplicate_line": 47, "correlation_key": "fp|3fb90c453cc3cc09f794062dc64cc5e845e7d0fe8f16cf8d6b1505f6570bf036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/elixir/lib/kreuzcrawl/crawl_result.ex"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa67adfcaf611ecf26d2c89cec63565d9ca46f966b6ae2749cc4e967e892e3ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/elixir/lib/kreuzcrawl/batch_crawl_results.ex", "duplicate_line": 8, 
"correlation_key": "fp|fa67adfcaf611ecf26d2c89cec63565d9ca46f966b6ae2749cc4e967e892e3ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/elixir/lib/kreuzcrawl/batch_scrape_results.ex"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6c736c1cf8e67eaf3d09e7e0dbdd02c43eebdf61880939db9d10062a90bc67e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/elixir/lib/kreuzcrawl/action_result.ex", "duplicate_line": 15, "correlation_key": "fp|d6c736c1cf8e67eaf3d09e7e0dbdd02c43eebdf61880939db9d10062a90bc67e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/elixir/lib/kreuzcrawl/batch_scrape_result.ex"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9489b02d509a1031169236c33aaba17a94ecc0b210c229dd4cc101db1175943b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/elixir/lib/kreuzcrawl/batch_crawl_result.ex", "duplicate_line": 4, "correlation_key": 
"fp|9489b02d509a1031169236c33aaba17a94ecc0b210c229dd4cc101db1175943b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/elixir/lib/kreuzcrawl/batch_scrape_result.ex"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c2c9cb9f84c62343eae671250613a3ad23d8e96579be0b18372fc9f0e1b6a72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/elixir/lib/kreuzcrawl/action_result.ex", "duplicate_line": 15, "correlation_key": "fp|2c2c9cb9f84c62343eae671250613a3ad23d8e96579be0b18372fc9f0e1b6a72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/elixir/lib/kreuzcrawl/batch_crawl_result.ex"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49874, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d3500404f111f6f4a240bec914d2c4768b45b241d39e0d6b56391ac37240849d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/csharp/Kreuzcrawl/CrawlPageResult.cs", "duplicate_line": 14, "correlation_key": "fp|d3500404f111f6f4a240bec914d2c4768b45b241d39e0d6b56391ac37240849d"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "packages/csharp/Kreuzcrawl/ScrapeResult.cs"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49873, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f20bdfe45f2fce5483db5aba2e07b1119eb98bd86647ce8e8d93a98d8981d132", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/csharp/Kreuzcrawl/AuthConfig.cs", "duplicate_line": 26, "correlation_key": "fp|f20bdfe45f2fce5483db5aba2e07b1119eb98bd86647ce8e8d93a98d8981d132"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/csharp/Kreuzcrawl/PageAction.cs"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49872, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b19e820c248fbad5ecdf80e25f9f5ed308868f083e88186ce8f1bc20a02e420", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/csharp/Kreuzcrawl/AuthConfig.cs", "duplicate_line": 26, "correlation_key": "fp|9b19e820c248fbad5ecdf80e25f9f5ed308868f083e88186ce8f1bc20a02e420"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/csharp/Kreuzcrawl/CrawlEvent.cs"}, "region": {"startLine": 
25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ceedc038f32064d06e7ac07c36dc7fd6769e437a6dbc2010e2fe52868df0b9f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl/src/http.rs", "duplicate_line": 117, "correlation_key": "fp|5ceedc038f32064d06e7ac07c36dc7fd6769e437a6dbc2010e2fe52868df0b9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/tower/service.rs"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5cb104195f62ca075741d6abd82cc50c5c15abe3dd7b56bcf2e9e77906e7cb4b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl/src/browser_pool.rs", "duplicate_line": 12, "correlation_key": "fp|5cb104195f62ca075741d6abd82cc50c5c15abe3dd7b56bcf2e9e77906e7cb4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/interact/chromiumoxide.rs"}, "region": {"startLine": 372}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, 
"properties": {"repobilityId": 49869, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ac0565d56e615a82987c7793025395b06f4d368682465753b5ac4f4aa467003", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl/src/browser.rs", "duplicate_line": 150, "correlation_key": "fp|3ac0565d56e615a82987c7793025395b06f4d368682465753b5ac4f4aa467003"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/interact/chromiumoxide.rs"}, "region": {"startLine": 108}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 49862, "scanner": "repobility-threat-engine", "fingerprint": "a39c914823f8f672daff52b27a82688b90cff64782b31683e47ec79078717957", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = gpa.deinit(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a39c914823f8f672daff52b27a82688b90cff64782b31683e47ec79078717957"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_apps/zig/src/metadata_test.zig"}, "region": {"startLine": 27}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 49861, "scanner": "repobility-threat-engine", "fingerprint": "214215b546cf50239309615fa12a0090744cf6bc52f9ca6ac011bb2a8f9a271d", 
"category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = gpa.deinit(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|214215b546cf50239309615fa12a0090744cf6bc52f9ca6ac011bb2a8f9a271d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_apps/zig/src/markdown_test.zig"}, "region": {"startLine": 27}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 49860, "scanner": "repobility-threat-engine", "fingerprint": "334ac181690934a70c2393c321b51f8eb9713aa9d545ac74b99f91766b8ce134", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = gpa.deinit(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|334ac181690934a70c2393c321b51f8eb9713aa9d545ac74b99f91766b8ce134"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/zig/examples/example.zig"}, "region": {"startLine": 5}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_to_rust_browser_config` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: if=6, nested_bonus=4."}, "properties": {"repobilityId": 49855, "scanner": "repobility-threat-engine", "fingerprint": "5740fbd44fc42e0d4d8a8a5ffdaa845c8ffceb19dbe6965e2497044f1d23e3ae", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_to_rust_browser_config", "breakdown": {"if": 6, "nested_bonus": 4}, "complexity": 10, "correlation_key": "fp|5740fbd44fc42e0d4d8a8a5ffdaa845c8ffceb19dbe6965e2497044f1d23e3ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/python/kreuzcrawl/api.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_to_rust_crawl_config` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: if=6, nested_bonus=4, ternary=2."}, "properties": {"repobilityId": 49854, "scanner": "repobility-threat-engine", "fingerprint": "8b640ba5b48a05e71b9154a33e38b7a37a3c815f054940f85f96f06352e2188d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_to_rust_crawl_config", "breakdown": {"if": 6, "ternary": 2, "nested_bonus": 4}, "complexity": 12, "correlation_key": "fp|8b640ba5b48a05e71b9154a33e38b7a37a3c815f054940f85f96f06352e2188d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/python/kreuzcrawl/api.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 6115, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 6113, "scanner": "repobility-threat-engine", "fingerprint": "a95422f4f7bb948845e280837c19cc7cbd4534a2014c9aa34662aa009e88d42d", "category": 
"error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = io.Copy(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a95422f4f7bb948845e280837c19cc7cbd4534a2014c9aa34662aa009e88d42d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/go/cmd/install/main.go"}, "region": {"startLine": 280}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 6112, "scanner": "repobility-threat-engine", "fingerprint": "7d5762008591090bdb33b87fc0f88fee57b9b42a33e99245db75758e437717fd", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = json.Unmarshal(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7d5762008591090bdb33b87fc0f88fee57b9b42a33e99245db75758e437717fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/go/binding.go"}, "region": {"startLine": 2914}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6102, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba77d86ecdff578a5b960270f39f5d2bd2e16557574b424cd75460e52a754096", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl-ffi/include/kreuzcrawl.h", "duplicate_line": 1, "correlation_key": "fp|ba77d86ecdff578a5b960270f39f5d2bd2e16557574b424cd75460e52a754096"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/go/include/kreuzcrawl.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6099, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16ced8c9a62b378bccc88714c4473807ad533eee9a7fbc0237709996dbe6fc25", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/kreuzcrawl/src/tower/rate_limit.rs", "duplicate_line": 31, "correlation_key": "fp|16ced8c9a62b378bccc88714c4473807ad533eee9a7fbc0237709996dbe6fc25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/tower/tracing_layer.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED070", "level": "none", "message": {"text": "[MINED070] Zig Undefined Init: var x: T = undefined leaves memory uninitialized. 
Often a foot-gun."}, "properties": {"repobilityId": 49868, "scanner": "repobility-threat-engine", "fingerprint": "47b052df5b78a8efea6b237adf99e211c579cbcca0fd15825eb09b1eefbb7607", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "zig-undefined-init", "owasp": null, "cwe_ids": [], "languages": ["zig"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348065+00:00", "triaged_in_corpus": 12, "observations_count": 36548, "ai_coder_pattern_id": 171}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47b052df5b78a8efea6b237adf99e211c579cbcca0fd15825eb09b1eefbb7607"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_apps/zig/build.zig"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 49867, "scanner": "repobility-threat-engine", "fingerprint": "d3f7b7a35cd699d2d7bffd732d8f0666fc41156128557152682a571370c0a2c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d3f7b7a35cd699d2d7bffd732d8f0666fc41156128557152682a571370c0a2c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_apps/wasm/setup.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 49866, "scanner": "repobility-threat-engine", "fingerprint": "183ee2fb76788d66eefff647b06b5cfbf8638be31a8bba1cabb27ca4dceb24e1", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'mock' detected on same line", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|183ee2fb76788d66eefff647b06b5cfbf8638be31a8bba1cabb27ca4dceb24e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_apps/node/globalSetup.ts"}, "region": 
{"startLine": 25}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 49865, "scanner": "repobility-threat-engine", "fingerprint": "fc19153222450e858c275b1318a6a31ce5780d94ad079c49b5185467ac1f58a1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc19153222450e858c275b1318a6a31ce5780d94ad079c49b5185467ac1f58a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_apps/node/globalSetup.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 49863, "scanner": "repobility-threat-engine", "fingerprint": "bb616a0fefe781e9a5f37932b4898c0a2dc3405dd468781ebe012e58f17f12c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|bb616a0fefe781e9a5f37932b4898c0a2dc3405dd468781ebe012e58f17f12c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/python/smoke-test-wheel.sh"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 49859, "scanner": "repobility-threat-engine", "fingerprint": "235b0dcddd7fe600cce5a1c58b6a7e6bfd572b739686e910aa397222730792ef", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|235b0dcddd7fe600cce5a1c58b6a7e6bfd572b739686e910aa397222730792ef", "aggregated_count": 3}}}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 49858, "scanner": "repobility-threat-engine", "fingerprint": "3857c6b3032d59b73c4658507da403d347dd36b68958bc261d3db60c77d81cc4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3857c6b3032d59b73c4658507da403d347dd36b68958bc261d3db60c77d81cc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/zig/src/main.zig"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 49857, "scanner": "repobility-threat-engine", "fingerprint": "feb3ee758b501de3dacdd364346148caee916f01c9caceeabd47bdcdf63b7cb9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|feb3ee758b501de3dacdd364346148caee916f01c9caceeabd47bdcdf63b7cb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/zig/examples/example.zig"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 49856, "scanner": "repobility-threat-engine", "fingerprint": "001b13a6013ae6b125edee6fca6f1a2f9137e76cdeaf31b6c4b1e469dd8ae3ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|001b13a6013ae6b125edee6fca6f1a2f9137e76cdeaf31b6c4b1e469dd8ae3ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/zig/build.zig"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED046", "level": "none", "message": {"text": "[MINED046] Dart Print: print() in Flutter goes to console. 
Use debugPrint / logger."}, "properties": {"repobilityId": 49853, "scanner": "repobility-threat-engine", "fingerprint": "8b9afc0c8d010c34a27e1c4841b5a8cfb049928481c7cfa7a8e3803f5c04f7c7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-print", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348008+00:00", "triaged_in_corpus": 10, "observations_count": 1515005, "ai_coder_pattern_id": 168}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b9afc0c8d010c34a27e1c4841b5a8cfb049928481c7cfa7a8e3803f5c04f7c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/dart/example/kreuzcrawl_example.dart"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC134", "level": "none", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 49852, "scanner": "repobility-threat-engine", "fingerprint": "2fc2352ee79a239983bde3b99e3e602f191c3f964939343206bb75ac755d22c0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2fc2352ee79a239983bde3b99e3e602f191c3f964939343206bb75ac755d22c0"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 49846, "scanner": "repobility-threat-engine", "fingerprint": "cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cd0c8e85bd308a46f755f44bc6ab20955e3c28a1f9d626cb3a3bf09c3b5d92c7", "aggregated_count": 5}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49845, "scanner": "repobility-threat-engine", "fingerprint": "8f16e88522b8e9b8100e2db287451fffd8bb6c336638ad39aa0b556dde9f8f37", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, 
"observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8f16e88522b8e9b8100e2db287451fffd8bb6c336638ad39aa0b556dde9f8f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/interact/native.rs"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49844, "scanner": "repobility-threat-engine", "fingerprint": "674b03baa909a7e194decbe9da27b92171c2af084aee42278c320474a4a8906d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|674b03baa909a7e194decbe9da27b92171c2af084aee42278c320474a4a8906d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/html/links.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49843, "scanner": "repobility-threat-engine", "fingerprint": "c8c2590a161c3411f4879368b2bca273ec52851494797974e0a46e7e049aa1bf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", 
"cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c8c2590a161c3411f4879368b2bca273ec52851494797974e0a46e7e049aa1bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/browser_session_pool.rs"}, "region": {"startLine": 209}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 49840, "scanner": "repobility-threat-engine", "fingerprint": "a1abc0f73fcbbde4bfde07d3a1caa75668c0f255cd2533e6367562d2e96a50c7", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a1abc0f73fcbbde4bfde07d3a1caa75668c0f255cd2533e6367562d2e96a50c7"}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 49836, "scanner": "repobility-threat-engine", "fingerprint": "badc6b534060584bcc43fa8e4af963475b30672dbd2b7ed1402ec05ecf321059", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|badc6b534060584bcc43fa8e4af963475b30672dbd2b7ed1402ec05ecf321059"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/src/dom/tree_sink.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 49835, "scanner": "repobility-threat-engine", "fingerprint": "906124f17185bbda83d0793457df02a662cbc08550f95882b78647c048fafeff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|906124f17185bbda83d0793457df02a662cbc08550f95882b78647c048fafeff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/dart/rust/build.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 49834, "scanner": "repobility-threat-engine", "fingerprint": "babcea47274fd8615b41cb545e2e39392f129620ba81d1f4dd8ba3dd48b8464e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|babcea47274fd8615b41cb545e2e39392f129620ba81d1f4dd8ba3dd48b8464e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/waf/tests.rs"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 49833, "scanner": "repobility-threat-engine", "fingerprint": "e6d69c3250edf2c30134b0d394008eceba179ff87d8f6d3570d2808efb2c0368", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e6d69c3250edf2c30134b0d394008eceba179ff87d8f6d3570d2808efb2c0368"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/src/dom/tree_sink.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 49832, "scanner": "repobility-threat-engine", "fingerprint": "404c4d28df2d128921906c0a9855bd89ab2ae24230d24e8d46970ce5ea82e08d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|404c4d28df2d128921906c0a9855bd89ab2ae24230d24e8d46970ce5ea82e08d", "aggregated_count": 19}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 49831, "scanner": "repobility-threat-engine", "fingerprint": "c0659a4d6ecfd73716ff1f50760f92377704079dbff869f04b62056868e1dc8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c0659a4d6ecfd73716ff1f50760f92377704079dbff869f04b62056868e1dc8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/src/net/wreq_client.rs"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 49830, "scanner": "repobility-threat-engine", "fingerprint": "4427f39535d299133b9695221702eaab1c12eb21d35859290ffc09fc67821cae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4427f39535d299133b9695221702eaab1c12eb21d35859290ffc09fc67821cae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/src/dom/tree_sink.rs"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 49829, "scanner": "repobility-threat-engine", "fingerprint": "744016ffc413de3bbd863251eb9c2c28f445e86494cde008c5e91fec9328d4e1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|744016ffc413de3bbd863251eb9c2c28f445e86494cde008c5e91fec9328d4e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/build.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 49828, "scanner": "repobility-threat-engine", "fingerprint": "36a8872f242ced5bf43c2c59654152661be00d89f115d0c72d280a73a1364ec5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|36a8872f242ced5bf43c2c59654152661be00d89f115d0c72d280a73a1364ec5", "aggregated_count": 16}}}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@kreuzberg/kreuzcrawl-wasm` pulled from URL/Git: `devDependencies.@kreuzberg/kreuzcrawl-wasm` = `file:../../crates/kreuzcrawl-wasm/pkg/nodejs` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload. Note that the value here is a local `file:` path inside the repository rather than a URL or git ref, so the exposure is not a remote host but whatever process writes `crates/kreuzcrawl-wasm/pkg/nodejs`, whose contents are installed with no integrity check."}, "properties": {"repobilityId": 49964, "scanner": "repobility-supply-chain", "fingerprint": "ac94c2ad62d73416b6ebea8502612dda2c0763d8b64eeb399de1441374d0bd98", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac94c2ad62d73416b6ebea8502612dda2c0763d8b64eeb399de1441374d0bd98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/wasm/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/kreuzberg-dev/kreuzcrawl/packages/go` \u2014 points to a LOCAL path: `replace github.com/kreuzberg-dev/kreuzcrawl/packages/go => ../../packages/go` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 49963, "scanner": "repobility-supply-chain", "fingerprint": "f82eda3e1ffdd4bf0226b15a5c032597a61102a208a5308dbfa75b0dcef1bee1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f82eda3e1ffdd4bf0226b15a5c032597a61102a208a5308dbfa75b0dcef1bee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/go/go.mod"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `kreuzcrawl-test:latest` unpinned: `container/services image: kreuzcrawl-test:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 49962, "scanner": "repobility-supply-chain", "fingerprint": "99eb89e9dc21de96f7b01fe5d214faa598759d1fb53f5b3a3d6bf9e9f3c228be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|99eb89e9dc21de96f7b01fe5d214faa598759d1fb53f5b3a3d6bf9e9f3c228be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-docker.yaml"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49960, "scanner": "repobility-supply-chain", "fingerprint": "f05b0ed341a7ce6775912f434d695c6177fc33f3bf61f73fd6972c61e14d9657", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f05b0ed341a7ce6775912f434d695c6177fc33f3bf61f73fd6972c61e14d9657"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coverage.yaml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/install-task` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/install-task@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49959, "scanner": "repobility-supply-chain", "fingerprint": "4316cd9ef679cb3d179a022e6c6e6b992504b163b094783a7d8ddec185aad669", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4316cd9ef679cb3d179a022e6c6e6b992504b163b094783a7d8ddec185aad669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-chrome` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-chrome@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49958, "scanner": "repobility-supply-chain", "fingerprint": "1c743aa4b1f5d1497a093702d08e2bb6540a981b4c68e868d4f5d1bae5d14771", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1c743aa4b1f5d1497a093702d08e2bb6540a981b4c68e868d4f5d1bae5d14771"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 310}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-wasm-pack` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-wasm-pack@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49957, "scanner": "repobility-supply-chain", "fingerprint": "2ac125757d88a17f7a7b239170500272b93a532b3537f3a39073c0d6c9d43269", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2ac125757d88a17f7a7b239170500272b93a532b3537f3a39073c0d6c9d43269"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 304}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-zig` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-zig@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49956, "scanner": "repobility-supply-chain", "fingerprint": "6135184185ecc4ee9c907a580e87d52ef0d19203226aa38a1b6b7f390210848a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6135184185ecc4ee9c907a580e87d52ef0d19203226aa38a1b6b7f390210848a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-swift` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-swift@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49955, "scanner": "repobility-supply-chain", "fingerprint": "0f0d3f961c403106c021bf4495bd178bf89a82bf124248373b95013fefce1410", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f0d3f961c403106c021bf4495bd178bf89a82bf124248373b95013fefce1410"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 291}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dart-lang/setup-dart` pinned to mutable ref `@v1`: `uses: dart-lang/setup-dart@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49954, "scanner": "repobility-supply-chain", "fingerprint": "b4461564c1eac3ebda7c0b0a57d84ee2a63f6311bdae8175333b90da45f4f9e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b4461564c1eac3ebda7c0b0a57d84ee2a63f6311bdae8175333b90da45f4f9e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-elixir` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-elixir@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49953, "scanner": "repobility-supply-chain", "fingerprint": "8d754fce0c42b311bb565a2075c3a5ca94126918295fafe68284f77467f139a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d754fce0c42b311bb565a2075c3a5ca94126918295fafe68284f77467f139a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-php` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-php@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49952, "scanner": "repobility-supply-chain", "fingerprint": "872ca0b99354e367cbb3d7eb1d3cb81afd224570458a4927181d2413c39e597b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|872ca0b99354e367cbb3d7eb1d3cb81afd224570458a4927181d2413c39e597b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-dotnet` pinned to mutable ref `@v5`: `uses: actions/setup-dotnet@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49951, "scanner": "repobility-supply-chain", "fingerprint": "32fa7ef62f2971dc3232b1bc17961287b3553af9995edea2f5c482524518efc8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32fa7ef62f2971dc3232b1bc17961287b3553af9995edea2f5c482524518efc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-java` pinned to mutable ref `@v5`: `uses: actions/setup-java@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49950, "scanner": "repobility-supply-chain", "fingerprint": "f2a24635a4fdbfaea1a2c916e5bdbc78ec16b4b9d5b5b3dc47fa68e6f95b3a36", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2a24635a4fdbfaea1a2c916e5bdbc78ec16b4b9d5b5b3dc47fa68e6f95b3a36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ruby/setup-ruby` pinned to mutable ref `@v1`: `uses: ruby/setup-ruby@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49949, "scanner": "repobility-supply-chain", "fingerprint": "7fdf16d7761ef6adc282c86740fbe20cdc0d965e6741e93d2d893e37ac323d0d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7fdf16d7761ef6adc282c86740fbe20cdc0d965e6741e93d2d893e37ac323d0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-go` pinned to mutable ref `@v6`: `uses: actions/setup-go@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49948, "scanner": "repobility-supply-chain", "fingerprint": "fe59bc05e594b229f923bdf65f16d0e17b736c7a0805727702dee4d1f7da6eab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe59bc05e594b229f923bdf65f16d0e17b736c7a0805727702dee4d1f7da6eab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-node-workspace` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-node-workspace@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49947, "scanner": "repobility-supply-chain", "fingerprint": "8a6e62c7f3ef2ad921d08a9ad288ce4cf8c2749b53876a9ad4efb21073c5c31a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8a6e62c7f3ef2ad921d08a9ad288ce4cf8c2749b53876a9ad4efb21073c5c31a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-python-env` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-python-env@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49946, "scanner": "repobility-supply-chain", "fingerprint": "6f3a0ea0046f679b968f05a7c78ecd5563f2860fce2d917ee9881de9125efba7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f3a0ea0046f679b968f05a7c78ecd5563f2860fce2d917ee9881de9125efba7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-openssl` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-openssl@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49945, "scanner": "repobility-supply-chain", "fingerprint": "43205f2555d70b017479cbaaa83844ff9729edc820ab853f915c65ff7b231ed2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43205f2555d70b017479cbaaa83844ff9729edc820ab853f915c65ff7b231ed2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49944, "scanner": "repobility-supply-chain", "fingerprint": "6663dd7838f17da7d27bb4b29db8f1ca9fdf8f2ae6540781777e99cb9e10fa1b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6663dd7838f17da7d27bb4b29db8f1ca9fdf8f2ae6540781777e99cb9e10fa1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-rust` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-rust@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49943, "scanner": "repobility-supply-chain", "fingerprint": "e6284f5435e9f978b816bca24ac0b89dac8f3705a6f837b53efd5b211605aa94", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6284f5435e9f978b816bca24ac0b89dac8f3705a6f837b53efd5b211605aa94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49942, "scanner": "repobility-supply-chain", "fingerprint": "84b1c07ae4aac5587af6176493416480776cd9f168dc1e058e6d9e07656e0f74", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84b1c07ae4aac5587af6176493416480776cd9f168dc1e058e6d9e07656e0f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49941, "scanner": "repobility-supply-chain", "fingerprint": "9f0a2799ddf8220f20c983f452532b850f9d40077a636bcafe6897f2fa66cf39", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f0a2799ddf8220f20c983f452532b850f9d40077a636bcafe6897f2fa66cf39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/build-rust-cli` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/build-rust-cli@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49940, "scanner": "repobility-supply-chain", "fingerprint": "4b6c28d8742f529b35e6fe1622ad8e86a1d52ff5b52656ac80a8669adeb6d33b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b6c28d8742f529b35e6fe1622ad8e86a1d52ff5b52656ac80a8669adeb6d33b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/build-rust-ffi` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/build-rust-ffi@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49939, "scanner": "repobility-supply-chain", "fingerprint": "9b2722a8130f830395fce6f4575f0f75635e5ae8241c0f6262b07de061893c17", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9b2722a8130f830395fce6f4575f0f75635e5ae8241c0f6262b07de061893c17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-openssl` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-openssl@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49938, "scanner": "repobility-supply-chain", "fingerprint": "23315858968c5084f422aab7c187914f62a522a90c4299894b91b6c86c629843", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|23315858968c5084f422aab7c187914f62a522a90c4299894b91b6c86c629843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `kreuzberg-dev/actions/setup-rust` pinned to mutable ref `@v1`: `uses: kreuzberg-dev/actions/setup-rust@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49937, "scanner": "repobility-supply-chain", "fingerprint": "ff260319efdf14738edfd5ffba9596e56f228a5afe13123f3e0f84c6f26a48e5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff260319efdf14738edfd5ffba9596e56f228a5afe13123f3e0f84c6f26a48e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 49936, "scanner": "repobility-supply-chain", "fingerprint": "cfd30feca71e2aa61ea4f0e9eed8d8f02decc6f4599e0679fbbcc5997844e231", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cfd30feca71e2aa61ea4f0e9eed8d8f02decc6f4599e0679fbbcc5997844e231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-e2e.yaml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.21` not pinned by digest: `FROM alpine:3.21` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49935, "scanner": "repobility-supply-chain", "fingerprint": "866723a9d5f37ffc680b338f26e927960521038ae3b7b583fdb903877e0f7a8d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|866723a9d5f37ffc680b338f26e927960521038ae3b7b583fdb903877e0f7a8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.musl-ffi"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.21` not pinned by digest: `FROM alpine:3.21` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49934, "scanner": "repobility-supply-chain", "fingerprint": "88c5777502d3cf2ed6f52781dacf1bc82aec0dbe729f6202e042d9f32bfa647d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|88c5777502d3cf2ed6f52781dacf1bc82aec0dbe729f6202e042d9f32bfa647d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.musl-build"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.21` not pinned by digest: `FROM alpine:3.21` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49933, "scanner": "repobility-supply-chain", "fingerprint": "d07ef2da66c54de7adead337e37f49a4d0a683e95155c639acea66abdfe5fd71", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d07ef2da66c54de7adead337e37f49a4d0a683e95155c639acea66abdfe5fd71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.alpine"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.21` not pinned by digest: `FROM alpine:3.21` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49932, "scanner": "repobility-supply-chain", "fingerprint": "25f764876826cc1bf0b3936385ac1b990cde7d05504ba776e0f56bf5a8622415", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25f764876826cc1bf0b3936385ac1b990cde7d05504ba776e0f56bf5a8622415"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.alpine"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49931, "scanner": "repobility-supply-chain", "fingerprint": "de40c8f3783476cfcf73191551872826398f1b32d1f4d1818b438d44a382848e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de40c8f3783476cfcf73191551872826398f1b32d1f4d1818b438d44a382848e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `rust:1.91-bookworm` not pinned by digest: `FROM rust:1.91-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49930, "scanner": "repobility-supply-chain", "fingerprint": "482ec6b2e6b06bebc9a311bf0af15af32671f264ddbdabc3316c739060f05260", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|482ec6b2e6b06bebc9a311bf0af15af32671f264ddbdabc3316c739060f05260"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49929, "scanner": "repobility-supply-chain", "fingerprint": "4ddccb917623b833732061e712462d8a76449974417320806e9d70e77465d261", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ddccb917623b833732061e712462d8a76449974417320806e9d70e77465d261"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.cli"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `rust:1.91-bookworm` not pinned by digest: `FROM rust:1.91-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49928, "scanner": "repobility-supply-chain", "fingerprint": "ef09fd878d66677fe49a2340472ee22e1d8404cc70f3b4f73ebcd1c2be6b6b44", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ef09fd878d66677fe49a2340472ee22e1d8404cc70f3b4f73ebcd1c2be6b6b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.cli"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.21` not pinned by digest: `FROM alpine:3.21` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 49927, "scanner": "repobility-supply-chain", "fingerprint": "c4a09317c7c320d576d88a6e68b800b4f178205348124118122f8701b16c8d6b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c4a09317c7c320d576d88a6e68b800b4f178205348124118122f8701b16c8d6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.musl-nif"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/kreuzberg-dev/pre-commit-hooks` pinned to mutable rev `v1.2.3`: `.pre-commit-config.yaml` references `https://github.com/kreuzberg-dev/pre-commit-hooks` at `rev: v1.2.3`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine. Pin `rev` to a full commit SHA (for example with `pre-commit autoupdate --freeze`)."}, "properties": {"repobilityId": 49926, "scanner": "repobility-supply-chain", "fingerprint": "61e5fc07eb1dab9c070a2019aa9aa71d298b7853258143b6e511467d5739295a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|61e5fc07eb1dab9c070a2019aa9aa71d298b7853258143b6e511467d5739295a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/Goldziher/gitfluff` pinned to mutable rev `v0.8.0`: `.pre-commit-config.yaml` references `https://github.com/Goldziher/gitfluff` at `rev: v0.8.0`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine. Pin `rev` to a full commit SHA (for example with `pre-commit autoupdate --freeze`)."}, "properties": {"repobilityId": 49925, "scanner": "repobility-supply-chain", "fingerprint": "8fa3334e74043debc6d2315a2acd24ca13cc5800c2dbec3ce667bc82d2f51c8c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8fa3334e74043debc6d2315a2acd24ca13cc5800c2dbec3ce667bc82d2f51c8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_browser_page_timeout: Test function `test_error_browser_page_timeout` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49924, "scanner": "repobility-ast-engine", "fingerprint": "436d14a244a5b4d8b32a9efd36d675451f0d8678b36d2a5e82674f8aa8f5e75b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|436d14a244a5b4d8b32a9efd36d675451f0d8678b36d2a5e82674f8aa8f5e75b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_browser_launch_failure: Test function `test_error_browser_launch_failure` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49923, "scanner": "repobility-ast-engine", "fingerprint": "dd073b9cdc88bf5890e60e7dd5b98aa4b976bfe11aecc39ebd9adbb267f23fe0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd073b9cdc88bf5890e60e7dd5b98aa4b976bfe11aecc39ebd9adbb267f23fe0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_502_bad_gateway: Test function `test_error_502_bad_gateway` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49922, "scanner": "repobility-ast-engine", "fingerprint": "d5685b93a7fda3144fbc031cb08a50a549f35aa23175a7a077780bfb6820225f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5685b93a7fda3144fbc031cb08a50a549f35aa23175a7a077780bfb6820225f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_500_server: Test function `test_error_500_server` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49921, "scanner": "repobility-ast-engine", "fingerprint": "af36c0d6fc89d9a18db7ae92f14c6669a183427deb61c48a48f1960db93d92a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af36c0d6fc89d9a18db7ae92f14c6669a183427deb61c48a48f1960db93d92a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_410_gone: Test function `test_error_410_gone` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49920, "scanner": "repobility-ast-engine", "fingerprint": "2a0ee460bddb078a633ec4d56b326363b023ffbbdf4c42590d8464746bcbd87a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a0ee460bddb078a633ec4d56b326363b023ffbbdf4c42590d8464746bcbd87a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_408_request_timeout: Test function `test_error_408_request_timeout` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49919, "scanner": "repobility-ast-engine", "fingerprint": "a6e2d9bff3161553de3d6de46b9588bb7afeb72aa83ea61d08f972b602ca30a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6e2d9bff3161553de3d6de46b9588bb7afeb72aa83ea61d08f972b602ca30a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_404_page: Test function `test_error_404_page` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49918, "scanner": "repobility-ast-engine", "fingerprint": "d01c890f7abcbc6089d92ad309f79be8364a3b4c0bd61e0facc5fd0cf1de9bf2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d01c890f7abcbc6089d92ad309f79be8364a3b4c0bd61e0facc5fd0cf1de9bf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_403_forbidden: Test function `test_error_403_forbidden` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49917, "scanner": "repobility-ast-engine", "fingerprint": "8c5962e3b60980074351b3d4d007526b3c6c552f3cf4694e4f0477875ce219b2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c5962e3b60980074351b3d4d007526b3c6c552f3cf4694e4f0477875ce219b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_401_unauthorized: Test function `test_error_401_unauthorized` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49916, "scanner": "repobility-ast-engine", "fingerprint": "a18d1d4a181e46e23e7065590ca5ebc16d9928ae0cbd2a4693903644c5824b77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a18d1d4a181e46e23e7065590ca5ebc16d9928ae0cbd2a4693903644c5824b77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_error.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_engine_map_basic: Test function `test_engine_map_basic` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49915, "scanner": "repobility-ast-engine", "fingerprint": "dbb0176984cc8defc6eba5260556371e636e99e7d90a0e5dc2c7bdeabac1373f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dbb0176984cc8defc6eba5260556371e636e99e7d90a0e5dc2c7bdeabac1373f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_engine.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_engine_batch_basic: Test function `test_engine_batch_basic` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49914, "scanner": "repobility-ast-engine", "fingerprint": "7f41985a113cfded5bfb0cda217e59431431d3c13d799736267128368c0d2d9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f41985a113cfded5bfb0cda217e59431431d3c13d799736267128368c0d2d9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_engine.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_redirect_max_exceeded: Test function `test_redirect_max_exceeded` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49913, "scanner": "repobility-ast-engine", "fingerprint": "78c1881a2b95807ee64dbfa3188058c801de9f08b7de64eb4487dd3f2722e42f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78c1881a2b95807ee64dbfa3188058c801de9f08b7de64eb4487dd3f2722e42f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_redirect.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_redirect_loop: Test function `test_redirect_loop` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49912, "scanner": "repobility-ast-engine", "fingerprint": "58676a8586b8e9459efed36d74c2677bac0cd2086b6da83a7171373943869e84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58676a8586b8e9459efed36d74c2677bac0cd2086b6da83a7171373943869e84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_redirect.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_filter_noop_crawl_all_kept: Test function `test_filter_noop_crawl_all_kept` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49911, "scanner": "repobility-ast-engine", "fingerprint": "cc85588173f114735fae924c31cf5a26f3d55de24df968b2cb16ef688a10a929", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc85588173f114735fae924c31cf5a26f3d55de24df968b2cb16ef688a10a929"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_filter.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_filter_bm25_relevant_pages: Test function `test_filter_bm25_relevant_pages` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49910, "scanner": "repobility-ast-engine", "fingerprint": "c1c0dd9f3b8554fa5f0c0f564efc83116148f85c00fbad18190d4c61e43085df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1c0dd9f3b8554fa5f0c0f564efc83116148f85c00fbad18190d4c61e43085df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_filter.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_filter_bm25_high_threshold: Test function `test_filter_bm25_high_threshold` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49909, "scanner": "repobility-ast-engine", "fingerprint": "716e4780b7da6bfb839e1b2f21313f4b0cc628416ccbb0d89cfd77ef61082ef7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|716e4780b7da6bfb839e1b2f21313f4b0cc628416ccbb0d89cfd77ef61082ef7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_filter.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_filter_bm25_crawl_integration: Test function `test_filter_bm25_crawl_integration` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49908, "scanner": "repobility-ast-engine", "fingerprint": "20bbe222baf9dd63f2c4a90273c2bbad018deb32cc679c1104a3588bbe57159f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20bbe222baf9dd63f2c4a90273c2bbad018deb32cc679c1104a3588bbe57159f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/python/tests/test_filter.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_url: Test function `test_invalid_url` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49906, "scanner": "repobility-ast-engine", "fingerprint": "29da91bb97f896af1f74a11066923e50182984d708b72ec60e76d20675d4e33d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29da91bb97f896af1f74a11066923e50182984d708b72ec60e76d20675d4e33d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/docker/test_docker.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_nonroot_user: Test function `test_nonroot_user` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49905, "scanner": "repobility-ast-engine", "fingerprint": "8bf019757bdf73b90571a5f89003d4180c8aeccc92c294e4ac5f10b38db70ccf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bf019757bdf73b90571a5f89003d4180c8aeccc92c294e4ac5f10b38db70ccf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/docker/test_docker.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scrape_json: Test function `test_scrape_json` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49904, "scanner": "repobility-ast-engine", "fingerprint": "29c1033727829c1c1d6e7872f7475206fddf423179f7d52609b667bb5e84fb59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29c1033727829c1c1d6e7872f7475206fddf423179f7d52609b667bb5e84fb59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/docker/test_docker.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_scrape_help: Test function `test_scrape_help` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49903, "scanner": "repobility-ast-engine", "fingerprint": "bef9b547065f21e14104a714c92c231e0f7a3744eeabcfc5ecc325fba730ba88", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bef9b547065f21e14104a714c92c231e0f7a3744eeabcfc5ecc325fba730ba88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/docker/test_docker.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_help: Test function `test_help` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49902, "scanner": "repobility-ast-engine", "fingerprint": "62ace7a1b5bd6effdd4c54a5bbcee12179b24a300b9ec9a829e6aabbf4266759", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62ace7a1b5bd6effdd4c54a5bbcee12179b24a300b9ec9a829e6aabbf4266759"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/docker/test_docker.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_version: Test function `test_version` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49901, "scanner": "repobility-ast-engine", "fingerprint": "a43e5823463a8f51b84665252050ca874d76a454a8871b7287cf4c48f5f0ed29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a43e5823463a8f51b84665252050ca874d76a454a8871b7287cf4c48f5f0ed29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/docker/test_docker.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_all_endpoints_response_conformance: Test function `test_all_endpoints_response_conformance` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49899, "scanner": "repobility-ast-engine", "fingerprint": "80e0e15c9fb7a42405782286661ff0b489821e0e8f26d86ef9c923a7edf8a9c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80e0e15c9fb7a42405782286661ff0b489821e0e8f26d86ef9c923a7edf8a9c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/api/test_contract.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_all_endpoints_no_server_errors: Test function `test_all_endpoints_no_server_errors` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 49898, "scanner": "repobility-ast-engine", "fingerprint": "74e56b09cdb69bfee1bf14a0aecc1b34e6219401b7e5f7cb224644a62dec9e6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74e56b09cdb69bfee1bf14a0aecc1b34e6219401b7e5f7cb224644a62dec9e6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/api/test_contract.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 49864, "scanner": "repobility-threat-engine", "fingerprint": "33feb9e1d55b7171746c59af771214cad09197a5b76ac32ac4ac0e88e0cfc154", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|33feb9e1d55b7171746c59af771214cad09197a5b76ac32ac4ac0e88e0cfc154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/wasm/install-wasm-pack.sh"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production. Reviewer note: the matched statement `hasher.update(&content);` is in a Rust source file, where an un-awaited future is inert rather than fire-and-forget and the Promise wording does not apply; confirm that this call returns a future at all before acting on the finding. The same check applies to the SEC128 match `hasher.update(&bytes);` in crates/kreuzcrawl/src/assets.rs."}, "properties": {"repobilityId": 49842, "scanner": "repobility-threat-engine", "fingerprint": "ab97734e1aa1062bb20328e5ffab7109c438a14008e8a003cb625d6cb8d41686", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(&content);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ab97734e1aa1062bb20328e5ffab7109c438a14008e8a003cb625d6cb8d41686"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/document.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 49841, "scanner": "repobility-threat-engine", "fingerprint": "2cbe45d6bd014700059854df059bec5ff074a1e1dd010dd29cffcacaf241d21a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(&bytes);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2cbe45d6bd014700059854df059bec5ff074a1e1dd010dd29cffcacaf241d21a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/assets.rs"}, "region": {"startLine": 107}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches. Reviewer note: the evidence match `url(u` is only a call fragment, so confirm that the argument is reachable from untrusted input. Where the code must fetch arbitrary URLs by design and an allowlist is not practical, restrict schemes to http and https and reject loopback, link-local and private addresses after DNS resolution and again on every redirect."}, "properties": {"repobilityId": 49839, "scanner": "repobility-threat-engine", "fingerprint": "f49955871d12482d8e5396595a9fdebe2587e6b74f57ecf0015905f4a1a958e4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f49955871d12482d8e5396595a9fdebe2587e6b74f57ecf0015905f4a1a958e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/html/detection.rs"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 49838, "scanner": "repobility-threat-engine", "fingerprint": "2cab4a88056391046a90af21fed5154fba9a3c34aae630a09bcc8cd1e49be0fc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2cab4a88056391046a90af21fed5154fba9a3c34aae630a09bcc8cd1e49be0fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/browser_session_pool.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 49837, "scanner": "repobility-threat-engine", "fingerprint": "38136512b0436eaef805951c47ef8688cace403bbd91f037db95cad41024bdd5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|38136512b0436eaef805951c47ef8688cace403bbd91f037db95cad41024bdd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-bypass/src/provider.rs"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 49827, "scanner": "repobility-threat-engine", "fingerprint": "786064ef28fc5caefc0526ba58fee2dd62f3fad7ec5719626755d50ee6bca203", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|786064ef28fc5caefc0526ba58fee2dd62f3fad7ec5719626755d50ee6bca203"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/src/net/robots.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: 
.unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 49826, "scanner": "repobility-threat-engine", "fingerprint": "e69451bbfae9b0d32b086368c3987e1638db5217712bd3b10474ef83590525b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e69451bbfae9b0d32b086368c3987e1638db5217712bd3b10474ef83590525b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/src/dom/tree_sink.rs"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere. Reviewer note: this location is build.rs, which by Cargo convention is a build script; if so, a panic here fails the build rather than a deployed process, so triage it separately from the runtime findings."}, "properties": {"repobilityId": 49825, "scanner": "repobility-threat-engine", "fingerprint": "ec5564a254d2d8f5da78aee58c8f169388430610d87bb42ceb6e78d6d922c999", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec5564a254d2d8f5da78aee58c8f169388430610d87bb42ceb6e78d6d922c999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl-browser/build.rs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: ANY /v1/batch/scrape/{id}."}, "properties": {"repobilityId": 6122, "scanner": "repobility-access-control", "fingerprint": "8d2701a7e23710b3675303bb0a102f52f499497747fc4b7bff0c43b709b33dcc", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/batch/scrape/{id}", "method": "ANY", "scanner": "repobility-access-control", "framework": "Axum", "correlation_key": "code|auth|token|59|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/api/router.rs"}, "region": {"startLine": 59}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 6119, "scanner": "repobility-docker", "fingerprint": "75d4ec7047e0cdbded1c92155d88b8d236c61943117fbb51a6460dd5407d52a6", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|75d4ec7047e0cdbded1c92155d88b8d236c61943117fbb51a6460dd5407d52a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.musl-nif"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 6118, "scanner": "repobility-docker", "fingerprint": "f3cf210ef8eae5a39e8da3303f16fc24d6d0aa22abd66b85e51a64b5e5908435", "category": "docker", "severity": "high", 
"confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f3cf210ef8eae5a39e8da3303f16fc24d6d0aa22abd66b85e51a64b5e5908435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.musl-ffi"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 6117, "scanner": "repobility-docker", "fingerprint": "967a96450c72cd71429d49e24bc45458097ba26c5081b923b83d8bd6749e7da3", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|967a96450c72cd71429d49e24bc45458097ba26c5081b923b83d8bd6749e7da3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.musl-build"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 6116, "scanner": "repobility-docker", "fingerprint": "568d4d61fc5979f207e76565f8ea806d6ba1db72be3229eb3f81c0b19a862ca4", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", 
"evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|568d4d61fc5979f207e76565f8ea806d6ba1db72be3229eb3f81c0b19a862ca4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.alpine"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CODECOV_TOKEN }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context). Triage caveat: GitHub does not pass repository secrets (other than a read-only GITHUB_TOKEN) to `pull_request` runs from forks unless the repository opts in, so confirm that the step can run with the secret populated (for example on same-repository branches) before treating this finding as confirmed."}, "properties": {"repobilityId": 49961, "scanner": "repobility-supply-chain", "fingerprint": "bc203858630c5241600c114c164cd3bcace59993b617d5ecb5a60a436435a0ef", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc203858630c5241600c114c164cd3bcace59993b617d5ecb5a60a436435a0ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coverage.yaml"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 49848, "scanner": "repobility-threat-engine", "fingerprint": "6b1ca5801e099029a4d63991366e4f9c39a24cd47d14f1f056ff3d3e54eb9c9c", "category": "quality", 
"severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6b1ca5801e099029a4d63991366e4f9c39a24cd47d14f1f056ff3d3e54eb9c9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/native_browser.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 49847, "scanner": "repobility-threat-engine", "fingerprint": "03f627c31752ccf6d3e9752269d1f041762488c12ad483f5fb8678ff85059c80", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|03f627c31752ccf6d3e9752269d1f041762488c12ad483f5fb8678ff85059c80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/kreuzcrawl/src/interact/native.rs"}, "region": {"startLine": 85}}}]}]}]}